Binary Code & Binary Analysis

What is binary code?

Binary code is the fundamental form of a piece of programming data that is directly interpreted by a computer. It is comprised of a string of 0’s and 1’s ordered and structured such that it is read by a piece of hardware and executed as part of a larger computer program. It is a product of a multi-stage compilation process that translates source code written in high-level languages such as C or Java into machine code specific to the processor architecture on which the computer program is executed. In a sense, it is the direct language of the computer translated from human-readable source code.

What is binary analysis?

Binary analysis (code review) is a form of static analysis that deals only with the binary executable of an application without visibility into the source code. It is usually comprised of a multi-step approach to reverse engineer the binary by attempting to model data types, flows, and control paths through various means. Then, an attempt is made to analyze the derived model in order to detect recognized security flaw patterns and synthesize the results into detailed vulnerability reports with actionable remediation.

What problems do binary code reviews solve?

Motivations for performing a binary analysis include assessing potential vulnerabilities of an application introduced in the compilation process, performing an independent security audit of a third-party library without involvement from the vendor, or when access to the source code is not possible for whatever reason.

Binary code reviews typically discover vulnerabilities via decomposition and disassembly of the binary and recognition of known vulnerability patterns. This can encompass some of the common weakness types such as buffer overflows, unhandled error conditions, cross-site scripting (XSS), and various injection attack vectors. It is particularly suited for malicious code detection and low-level issues like backdoors and rootkits. This is a result of its inherently ultra-low-level analysis of the machine-level instruction sets.

We also offer a comprehensive set of static analysis solutions with a holistic approach to application security. Our static application security testing (SAST) managed services offering provides scale with reach across the breadth of an organization’s application portfolio as well as elasticity to dynamically respond to evolving threats, shifting business priorities, and workload ebbs and flows.

The source code analysis provided by SAST is inherently more capable in contextually analyzing multi-tier development frameworks with their associated diverse components such as back-end business logic, client-facing views, and various configuration files. The manual inspection step of SAST can more effectively identify subtle vulnerability patterns. This is possible through a human understanding of context from deep-dive analysis of the components in scope. Additionally, manual inspection eliminates noise and false positives during the assessment, resulting in discovery of important vulnerabilities with actionable remediation guidance for each one.